Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Debian alert: fsh symlink attack

Colin Phipps found an interesting symlink attack problem in fsh (a
tool to quickly run remote commands over rsh/ssh/lsh). When fshd
starts it creates a directory in /tmp to hold its sockets. It tries
to do that securely by checking of it can chown that directory if
it already exists to check if it is owner by the user invoking it.
However an attacker can circumvent this check by inserting a
symlink to a file that is owner by the user who runs fhsd and
replacing that with a directory just before fshd creates the
socket.